[Git][security-tracker-team/security-tracker][master] Add new freerdp2 issues
Salvatore Bonaccorso
carnil at debian.org
Fri May 29 20:56:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
985baacf by Salvatore Bonaccorso at 2020-05-29T21:55:28+02:00
Add new freerdp2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7185,16 +7185,41 @@ CVE-2020-11091
RESERVED
CVE-2020-11090
RESERVED
-CVE-2020-11089
+CVE-2020-11089 [oob read in channel `irp` functions]
RESERVED
-CVE-2020-11088
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
+CVE-2020-11088 [Out of bound read in ntlm_read_NegotiateMessage]
RESERVED
-CVE-2020-11087
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
+CVE-2020-11087 [oob read in `ntlm_read_AuthenticateMessage`]
RESERVED
-CVE-2020-11086
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
+CVE-2020-11086 [oob read in `ntlm_read_ntlm_v2_response`]
RESERVED
-CVE-2020-11085
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
+CVE-2020-11085 [cliprdr_read_format_list out of bound read]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084
RESERVED
CVE-2020-11083
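Review bot: The bracketed titles added in this hunk are not written consistently. CVE-2020-11089, CVE-2020-11087 and CVE-2020-11086 use "oob read" with backtick-quoted identifiers, CVE-2020-11088 spells out "Out of bound read" with a bare function name, and CVE-2020-11085 puts the function name first ("cliprdr_read_format_list out of bound read"). Consider one form throughout, for example "Out of bound read in <function>" without backticks, so the entries are easier to search and compare.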
@@ -7334,6 +7359,11 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in u
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
CVE-2020-11043
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
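Review bot: CVE-2020-11043 gets package lines and an advisory NOTE in this hunk but no bracketed description, while the other RESERVED entries touched by this commit each get one (for example CVE-2020-11040 and CVE-2020-11019). Consider adding a short "[...]" title taken from GHSA-5mr4-28w3-rc84 so the entry states what the issue is without following the link.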
@@ -7349,8 +7379,13 @@ CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
-CVE-2020-11040
+CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
CVE-2020-11039 [Out of bound read/write in usb redirection channel]
RESERVED
- freerdp2 2.1.1+dfsg1-1
@@ -7459,10 +7494,18 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4
- ruby-faye <unfixed> (bug #959392)
NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
-CVE-2020-11019
+CVE-2020-11019 [Out of bound read in update_recv]
RESERVED
-CVE-2020-11018
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
+CVE-2020-11018 [Out of bound read in cliprdr_server_receive_capabilities]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ - freerdp <removed>
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
RESERVED
- freerdp2 2.1.1+dfsg1-1
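Review bot: CVE-2020-11018 is the only entry added in this commit without [buster] and [stretch] lines; it carries only "- freerdp2 2.1.1+dfsg1-1" and "- freerdp <removed>". If the stable and oldstable releases are deliberately left untriaged, a NOTE saying so would make that clear; if they should be tagged "<no-dsa> (Minor issue)" like the other out of bound reads in this commit, those two lines are missing.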
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/985baacf8210f4a2fe56ce7936e341bbae424cc3